From 5b51fc4f065e9e68eefb530eb99ad8da9f4e5d28 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 11 Apr 2003 23:32:00 +0000 Subject: smbcquota patch from metze (This used to be commit 74fab8f0d24004b1dfd5ce0fd7402895652f941f) --- source3/libsmb/clifsinfo.c | 76 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 76 insertions(+) create mode 100644 source3/libsmb/clifsinfo.c (limited to 'source3/libsmb/clifsinfo.c') diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c new file mode 100644 index 0000000000..00fe189e9a --- /dev/null +++ b/source3/libsmb/clifsinfo.c 
@@ -0,0 +1,76 @@ +/* + Unix SMB/CIFS implementation. + FS info functions + Copyright (C) Stefan (metze) Metzmacher 2003 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + + +BOOL cli_get_fs_attr_info(struct cli_state *cli, uint32 *fs_attr) +{ + BOOL ret = False; + uint16 setup; + char param[2]; + char *rparam=NULL, *rdata=NULL; + unsigned int rparam_count=0, rdata_count=0; + + if (!cli||!fs_attr) + smb_panic("cli_get_fs_attr_info() called with NULL Pionter!"); + + setup = TRANSACT2_QFSINFO; + + SSVAL(param,0,SMB_QUERY_FS_ATTRIBUTE_INFO); + + if (!cli_send_trans(cli, SMBtrans2, + NULL, + 0, 0, + &setup, 1, 0, + param, 2, 0, + NULL, 0, 560)) { + goto cleanup; + } + + if (!cli_receive_trans(cli, SMBtrans2, + &rparam, &rparam_count, + &rdata, &rdata_count)) { + goto cleanup; + } + + if (cli_is_error(cli)) { + ret = False; + goto cleanup; + } else { + ret = True; + } + + if (rdata_count < 12) { + goto cleanup; + } + + *fs_attr = IVAL(rdata,0); + + /* todo: but not yet needed + * return the other stuff + */ + +cleanup: + SAFE_FREE(rparam); + SAFE_FREE(rdata); + + return ret; +} -- cgit From f995b164b98221e224661e370d61ad08dadb2986 Mon Sep 17 00:00:00 2001 
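Review bot: In `cli_get_fs_attr_info`, `ret = True` is assigned before the `rdata_count < 12` check, so a reply shorter than 12 bytes jumps to `cleanup` and returns success although `*fs_attr` was never written. The reply is server-supplied, so a caller can end up acting on an uninitialised value. Set the result only after the data has been parsed: drop the `else { ret = True; }` branch and put `ret = True;` after `*fs_attr = IVAL(rdata,0);`. The same ordering appears in the later hunks that add `cli_unix_extensions_version`, `cli_get_fs_volume_info_old` and `cli_get_fs_volume_info`. A header comment saying that `*fs_attr` is valid only when the function returns True would make the contract explicit.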
From: Jeremy Allison Date: Fri, 12 Nov 2004 23:42:12 +0000 Subject: r3713: Implementation of get posix acls in UNIX extensions. Passes valgrind. Need to add printout functions in client and set posix acl in server. SteveF - take a look at this for the cifsfs client ! Once this is working and tested the next step is to write this up for the UNIX extensions spec. documents. Jeremy. (This used to be commit 1bd3f133442a472b4718b94a636f2fec89a2e0dc) --- source3/libsmb/clifsinfo.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) (limited to 'source3/libsmb/clifsinfo.c') diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c index 00fe189e9a..22c8bff3ba 100644 --- a/source3/libsmb/clifsinfo.c +++ b/source3/libsmb/clifsinfo.c 
@@ -20,6 +20,64 @@ #include "includes.h" +/**************************************************************************** + Get UNIX extensions version info. +****************************************************************************/ + +BOOL cli_unix_extensions_version(struct cli_state *cli, uint16 *pmajor, uint16 *pminor, + uint32 *pcaplow, uint32 *pcaphigh) +{ + BOOL ret = False; + uint16 setup; + char param[2]; + char *rparam=NULL, *rdata=NULL; + unsigned int rparam_count=0, rdata_count=0; + + setup = TRANSACT2_QFSINFO; + + SSVAL(param,0,SMB_QUERY_CIFS_UNIX_INFO); + + if (!cli_send_trans(cli, SMBtrans2, + NULL, + 0, 0, + &setup, 1, 0, + param, 2, 0, + NULL, 0, 560)) { + goto cleanup; + } + + if (!cli_receive_trans(cli, SMBtrans2, + &rparam, &rparam_count, + &rdata, &rdata_count)) { + goto cleanup; + } + + if (cli_is_error(cli)) { + ret = False; + goto cleanup; + } else { + ret = True; + } + + if (rdata_count < 12) { + goto cleanup; + } + + *pmajor = SVAL(rdata,0); + *pminor = SVAL(rdata,2); + *pcaplow = IVAL(rdata,4); + *pcaphigh = IVAL(rdata,8); + + /* todo: but not yet needed + * return the other stuff + */ + +cleanup: + SAFE_FREE(rparam); + SAFE_FREE(rdata); + + return ret; +} BOOL cli_get_fs_attr_info(struct cli_state *cli, uint32 *fs_attr) { -- cgit From 3fb83080723f53a7dbd51cafe291bd0eae9197a5 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 30 Mar 2005 00:47:57 +0000 Subject: r6120: Added "volume" command to smbclient that prints out the volume name and serial number. Jeremy. (This used to be commit c69623072e4112a4719867ea4809f5145b3cb64c) --- source3/libsmb/clifsinfo.c | 115 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 115 insertions(+) (limited to 'source3/libsmb/clifsinfo.c') diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c index 22c8bff3ba..2874ee6ca1 100644 --- a/source3/libsmb/clifsinfo.c +++ b/source3/libsmb/clifsinfo.c 
@@ -132,3 +132,118 @@ cleanup: return ret; } + +BOOL cli_get_fs_volume_info_old(struct cli_state *cli, fstring volume_name, uint32 *pserial_number) +{ + BOOL ret = False; + uint16 setup; + char param[2]; + char *rparam=NULL, *rdata=NULL; + unsigned int rparam_count=0, rdata_count=0; + unsigned char nlen; + + setup = TRANSACT2_QFSINFO; + + SSVAL(param,0,SMB_INFO_VOLUME); + + if (!cli_send_trans(cli, SMBtrans2, + NULL, + 0, 0, + &setup, 1, 0, + param, 2, 0, + NULL, 0, 560)) { + goto cleanup; + } + + if (!cli_receive_trans(cli, SMBtrans2, + &rparam, &rparam_count, + &rdata, &rdata_count)) { + goto cleanup; + } + + if (cli_is_error(cli)) { + ret = False; + goto cleanup; + } else { + ret = True; + } + + if (rdata_count < 5) { + goto cleanup; + } + + if (pserial_number) { + *pserial_number = IVAL(rdata,0); + } + nlen = CVAL(rdata,l2_vol_cch); + clistr_pull(cli, volume_name, rdata + l2_vol_szVolLabel, sizeof(fstring), nlen, STR_NOALIGN); + + /* todo: but not yet needed + * return the other stuff + */ + +cleanup: + SAFE_FREE(rparam); + SAFE_FREE(rdata); + + return ret; +} + +BOOL cli_get_fs_volume_info(struct cli_state *cli, fstring volume_name, uint32 *pserial_number, time_t *pdate) +{ + BOOL ret = False; + uint16 setup; + char param[2]; + char *rparam=NULL, *rdata=NULL; + unsigned int rparam_count=0, rdata_count=0; + unsigned int nlen; + + setup = TRANSACT2_QFSINFO; + + SSVAL(param,0,SMB_QUERY_FS_VOLUME_INFO); + + if (!cli_send_trans(cli, SMBtrans2, + NULL, + 0, 0, + &setup, 1, 0, + param, 2, 0, + NULL, 0, 560)) { + goto cleanup; + } + + if (!cli_receive_trans(cli, SMBtrans2, + &rparam, &rparam_count, + &rdata, &rdata_count)) { + goto cleanup; + } + + if (cli_is_error(cli)) { + ret = False; + goto cleanup; + } else { + ret = True; + } + + if (rdata_count < 19) { + goto cleanup; + } + + if (pdate) { + *pdate = interpret_long_date(rdata); + } + if (pserial_number) { + *pserial_number = IVAL(rdata,8); + } + nlen = IVAL(rdata,12); + clistr_pull(cli, volume_name, rdata + 18, 
sizeof(fstring), nlen, STR_UNICODE); + + /* todo: but not yet needed + * return the other stuff + */ + +cleanup: + SAFE_FREE(rparam); + SAFE_FREE(rdata); + + return ret; +} -- cgit From 760671b0e2b5b169a6563783c3c10f3031bb7c9e Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 12 Jul 2006 00:21:14 +0000 Subject: r16962: Add a few utility fns into client. Allow POSIX capabilities to be selected. Jeremy. (This used to be commit 2d8d4bd77bac6f5e7865657e12affd8b94aa85c3) --- source3/libsmb/clifsinfo.c | 53 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) (limited to 'source3/libsmb/clifsinfo.c') diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c index 2874ee6ca1..c6aa6a70a0 100644 --- a/source3/libsmb/clifsinfo.c +++ b/source3/libsmb/clifsinfo.c 
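Review bot: Both volume functions pass a length taken from the reply to `clistr_pull` without comparing it to `rdata_count`: `nlen = CVAL(rdata,l2_vol_cch)` in `cli_get_fs_volume_info_old` and `nlen = IVAL(rdata,12)` in `cli_get_fs_volume_info`. The only size checks are `rdata_count < 5` and `rdata_count < 19`, so a server that declares a label longer than the data it sent could make the pull read past the end of `rdata`. This assumes `clistr_pull` treats that argument as the source byte count and does not otherwise know the buffer size, which should be confirmed. The destination is bounded by `sizeof(fstring)`, so this is an over-read rather than an overflow. Before each pull I would add a bound such as `if (nlen > rdata_count - 18) { goto cleanup; }`, with the equivalent using `l2_vol_szVolLabel` in the old-style call, and set `ret` to True only once it has passed.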
@@ -79,6 +79,59 @@ cleanup: return ret; } +/**************************************************************************** + Set UNIX extensions capabilities. +****************************************************************************/ + +BOOL cli_set_unix_extensions_capabilities(struct cli_state *cli, uint16 major, uint16 minor, + uint32 caplow, uint32 caphigh) +{ + BOOL ret = False; + uint16 setup; + char param[4]; + char data[12]; + char *rparam=NULL, *rdata=NULL; + unsigned int rparam_count=0, rdata_count=0; + + setup = TRANSACT2_SETFSINFO; + + SSVAL(param,0,0); + SSVAL(param,2,SMB_SET_CIFS_UNIX_INFO); + + SSVAL(data,0,major); + SSVAL(data,2,minor); + SIVAL(data,4,caplow); + SIVAL(data,8,caphigh); + + if (!cli_send_trans(cli, SMBtrans2, + NULL, + 0, 0, + &setup, 1, 0, + param, 4, 0, + data, 12, 560)) { + goto cleanup; + } + + if (!cli_receive_trans(cli, SMBtrans2, + &rparam, &rparam_count, + &rdata, &rdata_count)) { + goto cleanup; + } + + if (cli_is_error(cli)) { + ret = False; + goto cleanup; + } else { + ret = True; + } + +cleanup: + SAFE_FREE(rparam); + SAFE_FREE(rdata); + + return ret; +} + BOOL cli_get_fs_attr_info(struct cli_state *cli, uint32 *fs_attr) { BOOL ret = False; -- cgit From a64925ddff467a47f7adfac4b1b977ddc0c7f4ef Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 24 Aug 2006 16:44:00 +0000 Subject: r17800: Start using struct timespec internally for file times on the wire. This allows us to go to nsec resolution for systems that support it. It should also now be easy to add a correct "create time" (birth time) for systems that support it (*BSD). I'll be watching the build farm closely after this one for breakage :-). Jeremy. (This used to be commit 425280a1d23f97ef0b0be77462386d619f47b21d) --- source3/libsmb/clifsinfo.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source3/libsmb/clifsinfo.c') diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c index c6aa6a70a0..9c3b6e3aed 100644 
--- a/source3/libsmb/clifsinfo.c +++ b/source3/libsmb/clifsinfo.c @@ -282,7 +282,9 @@ BOOL cli_get_fs_volume_info(struct cli_state *cli, fstring volume_name, uint32 * } if (pdate) { - *pdate = interpret_long_date(rdata); + struct timespec ts; + ts = interpret_long_date(rdata); + *pdate = ts.tv_sec; } if (pserial_number) { *pserial_number = IVAL(rdata,8); -- cgit From 071db6fdbff694681fa1793ee678a9a0af3e266a Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 21 Mar 2007 00:25:08 +0000 Subject: r21897: Add in a basic raw NTLM encrypt request. Now for testing. Jeremy. (This used to be commit 783a7b3085a155d9652cd725bf2960cd272cb554) --- source3/libsmb/clifsinfo.c | 113 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 113 insertions(+) (limited to 'source3/libsmb/clifsinfo.c') diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c index 9c3b6e3aed..52e12a38e3 100644 --- a/source3/libsmb/clifsinfo.c +++ b/source3/libsmb/clifsinfo.c 
@@ -302,3 +302,116 @@ cleanup: return ret; } + +/****************************************************************************** + Send/receive the request encryption blob. +******************************************************************************/ + +static NTSTATUS enc_blob_send_receive(struct cli_state *cli, DATA_BLOB *in, DATA_BLOB *out) +{ + uint16 setup; + char param[2]; + char *rparam=NULL, *rdata=NULL; + unsigned int rparam_count=0, rdata_count=0; + NTSTATUS status = NT_STATUS_OK; + + setup = TRANSACT2_SETFSINFO; + + SSVAL(param,0,SMB_REQUEST_TRANSPORT_ENCRYPTION); + + if (!cli_send_trans(cli, SMBtrans2, + NULL, + 0, 0, + &setup, 1, 0, + param, 2, 0, + (char *)in->data, in->length, CLI_BUFFER_SIZE)) { + status = cli_nt_error(cli); + goto out; + } + + if (!cli_receive_trans(cli, SMBtrans2, + &rparam, &rparam_count, + &rdata, &rdata_count)) { + status = cli_nt_error(cli); + goto out; + } + + if (cli_is_error(cli)) { + status = cli_nt_error(cli); + if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { + goto out; + } + } + + *out = data_blob(rdata, rdata_count); + + out: + + SAFE_FREE(rparam); + SAFE_FREE(rdata); + return status; +} + +/****************************************************************************** + Start a raw ntlmssp encryption. 
+******************************************************************************/ + +NTSTATUS cli_raw_ntlm_smb_encryption_start(struct cli_state *cli, + const char *user, + const char *pass, + const char *domain) +{ + DATA_BLOB blob_in = data_blob(NULL, 0); + DATA_BLOB blob_out = data_blob(NULL, 0); + NTSTATUS status = NT_STATUS_UNSUCCESSFUL; + struct smb_trans_enc_state *es = NULL; + + es = SMB_MALLOC_P(struct smb_trans_enc_state); + if (!es) { + return NT_STATUS_NO_MEMORY; + } + ZERO_STRUCTP(es); + es->smb_enc_type = SMB_TRANS_ENC_NTLM; + status = ntlmssp_client_start(&es->ntlmssp_state); + if (!NT_STATUS_IS_OK(status)) { + goto fail; + } + + ntlmssp_want_feature(es->ntlmssp_state, NTLMSSP_FEATURE_SESSION_KEY); + es->ntlmssp_state->neg_flags |= (NTLMSSP_NEGOTIATE_SIGN|NTLMSSP_NEGOTIATE_SEAL); + + if (!NT_STATUS_IS_OK(status = ntlmssp_set_username(es->ntlmssp_state, user))) { + goto fail; + } + if (!NT_STATUS_IS_OK(status = ntlmssp_set_domain(es->ntlmssp_state, domain))) { + goto fail; + } + if (!NT_STATUS_IS_OK(status = ntlmssp_set_password(es->ntlmssp_state, pass))) { + goto fail; + } + + do { + status = ntlmssp_update(es->ntlmssp_state, blob_in, &blob_out); + data_blob_free(&blob_in); + if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED) || NT_STATUS_IS_OK(status)) { + status = enc_blob_send_receive(cli, &blob_out, &blob_in); + } + data_blob_free(&blob_out); + } while (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)); + + data_blob_free(&blob_in); + + if (NT_STATUS_IS_OK(status)) { + /* Replace the old state, if any. */ + if (cli->trans_enc_state) { + common_free_encryption_state(&cli->trans_enc_state); + } + cli->trans_enc_state = es; + cli->trans_enc_state->enc_on = True; + } + + fail: + + common_free_encryption_state(&es); + return status; +} -- cgit From a828b56884a1385823cdb1d186860a1e1466fca7 Mon Sep 17 00:00:00 2001 
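Review bot: `cli_raw_ntlm_smb_encryption_start` sets `enc_on = True` whenever the loop ends with NT_STATUS_OK, but nothing after the loop confirms that signing and sealing were actually negotiated. The function ORs `NTLMSSP_NEGOTIATE_SIGN|NTLMSSP_NEGOTIATE_SEAL` into `neg_flags` before the exchange. If the NTLMSSP code clears flags the peer did not offer (not visible in this hunk, so to be confirmed), authentication could complete without them. I would re-check before installing the state, along the lines of `if ((es->ntlmssp_state->neg_flags & (NTLMSSP_NEGOTIATE_SIGN|NTLMSSP_NEGOTIATE_SEAL)) != (NTLMSSP_NEGOTIATE_SIGN|NTLMSSP_NEGOTIATE_SEAL)) { status = NT_STATUS_ACCESS_DENIED; goto fail; }`. A comment on the function stating who owns `es` on success and on failure would also help.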
From: Jeremy Allison Date: Wed, 21 Mar 2007 00:44:15 +0000 Subject: r21898: Added test command, fixed first valgrind bugs. Now to investigate why it doesn't work :-). Jeremy. (This used to be commit 73f7c6cef8371ad63eb1dc3e79bfc78503dbd7a4) --- source3/libsmb/clifsinfo.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'source3/libsmb/clifsinfo.c') diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c index 52e12a38e3..0bd1e124ea 100644 --- a/source3/libsmb/clifsinfo.c +++ b/source3/libsmb/clifsinfo.c @@ -310,20 +310,21 @@ cleanup: static NTSTATUS enc_blob_send_receive(struct cli_state *cli, DATA_BLOB *in, DATA_BLOB *out) { uint16 setup; - char param[2]; + char param[4]; char *rparam=NULL, *rdata=NULL; unsigned int rparam_count=0, rdata_count=0; NTSTATUS status = NT_STATUS_OK; setup = TRANSACT2_SETFSINFO; - SSVAL(param,0,SMB_REQUEST_TRANSPORT_ENCRYPTION); + SSVAL(param,0,0); + SSVAL(param,2,SMB_REQUEST_TRANSPORT_ENCRYPTION); if (!cli_send_trans(cli, SMBtrans2, NULL, 0, 0, &setup, 1, 0, - param, 2, 0, + param, 4, 0, (char *)in->data, in->length, CLI_BUFFER_SIZE)) { status = cli_nt_error(cli); goto out; -- cgit From 9874b3bfa7f7e7de0e389ea84dbff4a824520bc2 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 21 Mar 2007 01:32:01 +0000 Subject: r21902: Don't free the thing you're trying to set in the cli state. Jeremy. (This used to be commit 1639366561bd63d7023c54f811e2f87dcbbd0a31) --- source3/libsmb/clifsinfo.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/libsmb/clifsinfo.c') diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c index 0bd1e124ea..8e994dd67b 100644 --- a/source3/libsmb/clifsinfo.c +++ b/source3/libsmb/clifsinfo.c @@ -409,6 +409,7 @@ NTSTATUS cli_raw_ntlm_smb_encryption_start(struct cli_state *cli, } cli->trans_enc_state = es; cli->trans_enc_state->enc_on = True; + es = NULL; } fail: -- cgit From f93d75c932e7a48da8bcd589d7505bf5445b89df Mon Sep 17 00:00:00 2001 
From: Jeremy Allison Date: Thu, 22 Mar 2007 02:24:12 +0000 Subject: r21926: Fix missing enum specifier pointed out by Don McCall @ HP. Thanks Don ! Jeremy. (This used to be commit 662344d1ec3593689de7602afa518ed98e10dc37) --- source3/libsmb/clifsinfo.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'source3/libsmb/clifsinfo.c') diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c index 8e994dd67b..92537ed317 100644 --- a/source3/libsmb/clifsinfo.c +++ b/source3/libsmb/clifsinfo.c 
@@ -373,26 +373,26 @@ NTSTATUS cli_raw_ntlm_smb_encryption_start(struct cli_state *cli, } ZERO_STRUCTP(es); es->smb_enc_type = SMB_TRANS_ENC_NTLM; - status = ntlmssp_client_start(&es->ntlmssp_state); + status = ntlmssp_client_start(&es->s.ntlmssp_state); if (!NT_STATUS_IS_OK(status)) { goto fail; } - ntlmssp_want_feature(es->ntlmssp_state, NTLMSSP_FEATURE_SESSION_KEY); - es->ntlmssp_state->neg_flags |= (NTLMSSP_NEGOTIATE_SIGN|NTLMSSP_NEGOTIATE_SEAL); + ntlmssp_want_feature(es->s.ntlmssp_state, NTLMSSP_FEATURE_SESSION_KEY); + es->s.ntlmssp_state->neg_flags |= (NTLMSSP_NEGOTIATE_SIGN|NTLMSSP_NEGOTIATE_SEAL); - if (!NT_STATUS_IS_OK(status = ntlmssp_set_username(es->ntlmssp_state, user))) { + if (!NT_STATUS_IS_OK(status = ntlmssp_set_username(es->s.ntlmssp_state, user))) { goto fail; } - if (!NT_STATUS_IS_OK(status = ntlmssp_set_domain(es->ntlmssp_state, domain))) { + if (!NT_STATUS_IS_OK(status = ntlmssp_set_domain(es->s.ntlmssp_state, domain))) { goto fail; } - if (!NT_STATUS_IS_OK(status = ntlmssp_set_password(es->ntlmssp_state, pass))) { + if (!NT_STATUS_IS_OK(status = ntlmssp_set_password(es->s.ntlmssp_state, pass))) { goto fail; } do { - status = ntlmssp_update(es->ntlmssp_state, blob_in, &blob_out); + status = ntlmssp_update(es->s.ntlmssp_state, blob_in, &blob_out); data_blob_free(&blob_in); if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED) || NT_STATUS_IS_OK(status)) { status = enc_blob_send_receive(cli, &blob_out, &blob_in); -- cgit From 4a66d0e232271968ba96da50274428916a393975 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 27 Mar 2007 21:13:31 +0000 Subject: r21991: I hate Steve French :-). Add support for encryption contexts.... Jeremy. (This used to be commit ae8f3649f773b8a8dcb55921536d038d3475322e) --- source3/libsmb/clifsinfo.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'source3/libsmb/clifsinfo.c') 
diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c index 92537ed317..149af32574 100644 --- a/source3/libsmb/clifsinfo.c +++ b/source3/libsmb/clifsinfo.c @@ -307,7 +307,7 @@ cleanup: Send/receive the request encryption blob. ******************************************************************************/ -static NTSTATUS enc_blob_send_receive(struct cli_state *cli, DATA_BLOB *in, DATA_BLOB *out) +static NTSTATUS enc_blob_send_receive(struct cli_state *cli, DATA_BLOB *in, DATA_BLOB *out, DATA_BLOB *param_out) { uint16 setup; char param[4]; @@ -345,6 +345,7 @@ static NTSTATUS enc_blob_send_receive(struct cli_state *cli, DATA_BLOB *in, DATA } *out = data_blob(rdata, rdata_count); + *param_out = data_blob(rparam, rparam_count); out: @@ -364,6 +365,7 @@ NTSTATUS cli_raw_ntlm_smb_encryption_start(struct cli_state *cli, { DATA_BLOB blob_in = data_blob(NULL, 0); DATA_BLOB blob_out = data_blob(NULL, 0); + DATA_BLOB param_out = data_blob(NULL, 0); NTSTATUS status = NT_STATUS_UNSUCCESSFUL; struct smb_trans_enc_state *es = NULL; @@ -394,8 +396,12 @@ NTSTATUS cli_raw_ntlm_smb_encryption_start(struct cli_state *cli, do { status = ntlmssp_update(es->s.ntlmssp_state, blob_in, &blob_out); data_blob_free(&blob_in); + data_blob_free(¶m_out); if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED) || NT_STATUS_IS_OK(status)) { - status = enc_blob_send_receive(cli, &blob_out, &blob_in); + status = enc_blob_send_receive(cli, &blob_out, &blob_in, ¶m_out); + } + if (param_out.length == 2) { + es->enc_ctx_num = SVAL(param_out.data, 0); } data_blob_free(&blob_out); } while (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)); -- cgit From 9812a7e32e515315302d3040a4145592640de7f7 Mon Sep 17 00:00:00 2001 
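Review bot: In the last hunk, `param_out` is released at the top of each loop iteration in `cli_raw_ntlm_smb_encryption_start`, but the blob filled in by the final `enc_blob_send_receive` call is never freed. The hunk adds no `data_blob_free(&param_out)` after the `while`, and the code following the loop lies outside the hunk. I would add `data_blob_free(&param_out);` next to the existing `data_blob_free(&blob_in);` after the loop. It is also worth a comment on `if (param_out.length == 2)` saying that a reply with any other parameter length leaves `es->enc_ctx_num` at its zero-initialised value, since that value comes from the server and is silently defaulted here.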
From: Jeremy Allison Date: Wed, 18 Apr 2007 00:34:10 +0000 Subject: r22327: Finish the gss-spnego part of the seal code. Now for testing.... Jeremy. (This used to be commit 1c1f5360b67792f14b50835a2c5a4d4ac68aca8f) --- source3/libsmb/clifsinfo.c | 185 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 181 insertions(+), 4 deletions(-) (limited to 'source3/libsmb/clifsinfo.c') diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c index 149af32574..be988a433f 100644 --- a/source3/libsmb/clifsinfo.c +++ b/source3/libsmb/clifsinfo.c @@ -2,6 +2,7 @@ Unix SMB/CIFS implementation. FS info functions Copyright (C) Stefan (metze) Metzmacher 2003 + Copyright (C) Jeremy Allison 2007. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -354,6 +355,22 @@ static NTSTATUS enc_blob_send_receive(struct cli_state *cli, DATA_BLOB *in, DATA return status; } +/****************************************************************************** + Make a client state struct. +******************************************************************************/ + +static struct smb_trans_enc_state *make_cli_enc_state(enum smb_trans_enc_type smb_enc_type) +{ + struct smb_trans_enc_state *es = NULL; + es = SMB_MALLOC_P(struct smb_trans_enc_state); + if (!es) { + return NULL; + } + ZERO_STRUCTP(es); + es->smb_enc_type = smb_enc_type; + return es; +} + /****************************************************************************** Start a raw ntlmssp encryption. ******************************************************************************/ 
@@ -367,14 +384,11 @@ NTSTATUS cli_raw_ntlm_smb_encryption_start(struct cli_state *cli, DATA_BLOB blob_out = data_blob(NULL, 0); DATA_BLOB param_out = data_blob(NULL, 0); NTSTATUS status = NT_STATUS_UNSUCCESSFUL; - struct smb_trans_enc_state *es = NULL; + struct smb_trans_enc_state *es = make_cli_enc_state(SMB_TRANS_ENC_NTLM); - es = SMB_MALLOC_P(struct smb_trans_enc_state); if (!es) { return NT_STATUS_NO_MEMORY; } - ZERO_STRUCTP(es); - es->smb_enc_type = SMB_TRANS_ENC_NTLM; status = ntlmssp_client_start(&es->s.ntlmssp_state); if (!NT_STATUS_IS_OK(status)) { goto fail; 
@@ -423,3 +437,166 @@ NTSTATUS cli_raw_ntlm_smb_encryption_start(struct cli_state *cli, common_free_encryption_state(&es); return status; } + +#if defined(HAVE_GSSAPI) && defined(HAVE_KRB5) + +#ifndef SMB_GSS_REQUIRED_FLAGS +#define SMB_GSS_REQUIRED_FLAGS (GSS_C_CONF_FLAG|GSS_C_INTEG_FLAG|GSS_C_MUTUAL_FLAG|GSS_C_REPLAY_FLAG|GSS_C_SEQUENCE_FLAG) +#endif + +/****************************************************************************** + Get client gss blob to send to a server. +******************************************************************************/ + +static NTSTATUS make_cli_gss_blob(struct smb_trans_enc_state *es, + const char *service, + const char *host, + NTSTATUS status_in, + DATA_BLOB spnego_blob_in, + DATA_BLOB *p_blob_out) +{ + const char *krb_mechs[] = {OID_KERBEROS5_OLD, OID_KERBEROS5, NULL}; + OM_uint32 ret; + OM_uint32 min; + gss_name_t srv_name; + gss_buffer_desc input_name; + gss_buffer_desc *p_tok_in; + gss_buffer_desc tok_out, tok_in; + DATA_BLOB blob_out = data_blob(NULL, 0); + DATA_BLOB blob_in = data_blob(NULL, 0); + char *host_princ_s = NULL; + OM_uint32 ret_flags = 0; + NTSTATUS status = NT_STATUS_OK; + + memset(&tok_out, '\0', sizeof(tok_out)); + + /* Get a ticket for the service@host */ + asprintf(&host_princ_s, "%s@%s", service, host); + if (host_princ_s == NULL) { + return NT_STATUS_NO_MEMORY; + } + + input_name.value = host_princ_s; + input_name.length = strlen(host_princ_s) + 1; + + ret = gss_import_name(&min, + &input_name, + GSS_C_NT_HOSTBASED_SERVICE, + &srv_name); + + if (ret != GSS_S_COMPLETE) { + SAFE_FREE(host_princ_s); + return map_nt_error_from_gss(ret, min); + } + + if (spnego_blob_in.length == 0) { + p_tok_in = GSS_C_NO_BUFFER; + } else { + /* Remove the SPNEGO wrapper */ + if (!spnego_parse_auth_response(spnego_blob_in, status_in, OID_KERBEROS5, &blob_in)) { + status = NT_STATUS_UNSUCCESSFUL; + goto fail; + } + tok_in.value = blob_in.data; + tok_in.length = blob_in.length; + p_tok_in = &tok_in; + } + + ret = 
gss_init_sec_context(&min, + GSS_C_NO_CREDENTIAL, /* Use our default cred. */ + &es->s.gss_state->gss_ctx, + srv_name, + GSS_C_NO_OID, /* default OID. */ + GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG, + GSS_C_INDEFINITE, /* requested ticket lifetime. */ + NULL, /* no channel bindings */ + p_tok_in, + NULL, /* ignore mech type */ + &tok_out, + &ret_flags, + NULL); /* ignore time_rec */ + + status = map_nt_error_from_gss(ret, min); + if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status,NT_STATUS_MORE_PROCESSING_REQUIRED)) { + goto fail; + } + + if ((ret_flags & SMB_GSS_REQUIRED_FLAGS) != SMB_GSS_REQUIRED_FLAGS) { + status = NT_STATUS_ACCESS_DENIED; + } + + blob_out = data_blob(tok_out.value, tok_out.length); + + /* Wrap in an SPNEGO wrapper */ + *p_blob_out = gen_negTokenTarg(krb_mechs, blob_out); + + fail: + + data_blob_free(&blob_out); + data_blob_free(&blob_in); + SAFE_FREE(host_princ_s); + gss_release_name(&min, &srv_name); + if (tok_out.value) { + gss_release_buffer(&min, &tok_out); + } + return status; +} + +/****************************************************************************** + Start a SPNEGO gssapi encryption context. 
+******************************************************************************/ + +NTSTATUS cli_gss_smb_encryption_start(struct cli_state *cli) +{ + DATA_BLOB blob_recv = data_blob(NULL, 0); + DATA_BLOB blob_send = data_blob(NULL, 0); + DATA_BLOB param_out = data_blob(NULL, 0); + NTSTATUS status = NT_STATUS_UNSUCCESSFUL; + fstring fqdn; + const char *servicename; + struct smb_trans_enc_state *es = make_cli_enc_state(SMB_TRANS_ENC_GSS); + + if (!es) { + return NT_STATUS_NO_MEMORY; + } + + name_to_fqdn(fqdn, cli->desthost); + strlower_m(fqdn); + + servicename = "cifs"; + status = make_cli_gss_blob(es, servicename, fqdn, NT_STATUS_OK, blob_recv, &blob_send); + if (!NT_STATUS_EQUAL(status,NT_STATUS_MORE_PROCESSING_REQUIRED)) { + servicename = "host"; + status = make_cli_gss_blob(es, servicename, fqdn, NT_STATUS_OK, blob_recv, &blob_send); + if (!NT_STATUS_EQUAL(status,NT_STATUS_MORE_PROCESSING_REQUIRED)) { + goto fail; + } + } + + do { + data_blob_free(&blob_recv); + status = enc_blob_send_receive(cli, &blob_send, &blob_recv, ¶m_out); + if (param_out.length == 2) { + es->enc_ctx_num = SVAL(param_out.data, 0); + } + data_blob_free(&blob_send); + status = make_cli_gss_blob(es, servicename, fqdn, status, blob_recv, &blob_send); + } while (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)); + data_blob_free(&blob_recv); + + if (NT_STATUS_IS_OK(status)) { + /* Replace the old state, if any. */ + if (cli->trans_enc_state) { + common_free_encryption_state(&cli->trans_enc_state); + } + cli->trans_enc_state = es; + cli->trans_enc_state->enc_on = True; + es = NULL; + } + + fail: + + common_free_encryption_state(&es); + return status; +} +#endif -- cgit From 8e1b82e7ac13b596af0d33a81fa5deba39c671d7 Mon Sep 17 00:00:00 2001 
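Review bot: In `cli_gss_smb_encryption_start` the status returned by `enc_blob_send_receive` is never examined; it is handed to `make_cli_gss_blob` and then overwritten by that call's result. When the exchange fails and `blob_recv` is empty, `make_cli_gss_blob` takes the `spnego_blob_in.length == 0` branch, skips the SPNEGO parse and never looks at `status_in`, so the server or transport error is replaced by whatever `gss_init_sec_context` returns. I would stop on a hard failure right after the send/receive: `if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { goto fail; }`. The loop also overwrites `param_out` on every round trip without freeing it, and `fail:` releases only `es`, so any blob still held at a `goto fail` is leaked; `blob_send`, `blob_recv` and `param_out` should be freed there. In `make_cli_gss_blob` the return value of `asprintf` is not checked, only the pointer.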
From: Jeremy Allison Date: Wed, 18 Apr 2007 21:56:18 +0000 Subject: r22344: Correctly create sub-struct for GSS encryption. Jeremy. (This used to be commit 197c90ec78545e7e3c03ff5787839ca134f3036a) --- source3/libsmb/clifsinfo.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'source3/libsmb/clifsinfo.c') diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c index be988a433f..1ec1aea5af 100644 --- a/source3/libsmb/clifsinfo.c +++ b/source3/libsmb/clifsinfo.c @@ -368,6 +368,21 @@ static struct smb_trans_enc_state *make_cli_enc_state(enum smb_trans_enc_type sm } ZERO_STRUCTP(es); es->smb_enc_type = smb_enc_type; + + if (smb_enc_type == SMB_TRANS_ENC_GSS) { +#if defined(HAVE_GSSAPI) && defined(HAVE_KRB5) + es->s.gss_state = SMB_MALLOC_P(struct smb_tran_enc_state_gss); + if (!es->s.gss_state) { + SAFE_FREE(es); + return NULL; + } + ZERO_STRUCTP(es->s.gss_state); +#else + DEBUG(0,("make_cli_enc_state: no krb5 compiled.\n"); + SAFE_FREE(es); + return NULL; +#endif + } return es; } -- cgit From 093bcd7df946f16e7ab682facd3c3c268e4e4cf2 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 18 Apr 2007 22:02:30 +0000 Subject: r22345: Only use new krb5 OID. Jeremy. (This used to be commit 1a46d2dcb930f433457877e143f5a602b6b9091e) --- source3/libsmb/clifsinfo.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/libsmb/clifsinfo.c') diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c index 1ec1aea5af..9d8b08b373 100644 --- a/source3/libsmb/clifsinfo.c +++ b/source3/libsmb/clifsinfo.c @@ -470,7 +470,7 @@ static NTSTATUS make_cli_gss_blob(struct smb_trans_enc_state *es, DATA_BLOB spnego_blob_in, DATA_BLOB *p_blob_out) { - const char *krb_mechs[] = {OID_KERBEROS5_OLD, OID_KERBEROS5, NULL}; + const char *krb_mechs[] = {OID_KERBEROS5, NULL}; OM_uint32 ret; OM_uint32 min; gss_name_t srv_name; -- cgit From c5fb215efb757b0ed9a7010a0e44253c8e219aae Mon Sep 17 00:00:00 2001 
From: Jeremy Allison Date: Wed, 18 Apr 2007 22:34:23 +0000 Subject: r22349: Fix missing ) in #else path. Jeremy. (This used to be commit 0f5680adcfb4f1636ba5a5c3ba9684f9fde8476a) --- source3/libsmb/clifsinfo.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/libsmb/clifsinfo.c') diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c index 9d8b08b373..4924bfdba0 100644 --- a/source3/libsmb/clifsinfo.c +++ b/source3/libsmb/clifsinfo.c @@ -378,7 +378,7 @@ static struct smb_trans_enc_state *make_cli_enc_state(enum smb_trans_enc_type sm } ZERO_STRUCTP(es->s.gss_state); #else - DEBUG(0,("make_cli_enc_state: no krb5 compiled.\n"); + DEBUG(0,("make_cli_enc_state: no krb5 compiled.\n")); SAFE_FREE(es); return NULL; #endif -- cgit From f7fc540d848d5f5950f4adf921b5972be2eb81a4 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 19 Apr 2007 00:51:18 +0000 Subject: r22354: Make client select krb5 encrpyt if krb5 already on. Jeremy. (This used to be commit 7b89a5de57cd5fed814eda95e44dcc345f380fb2) --- source3/libsmb/clifsinfo.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'source3/libsmb/clifsinfo.c') diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c index 4924bfdba0..e46456abb1 100644 --- a/source3/libsmb/clifsinfo.c +++ b/source3/libsmb/clifsinfo.c @@ -614,4 +614,9 @@ NTSTATUS cli_gss_smb_encryption_start(struct cli_state *cli) common_free_encryption_state(&es); return status; } +#else +NTSTATUS cli_gss_smb_encryption_start(struct cli_state *cli) +{ + return NT_STATUS_NOT_SUPPORTED; +} #endif -- cgit From e8d19d5e1aa6a101300879e94faacc8c4b3509a5 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 19 Apr 2007 01:20:37 +0000 Subject: r22355: Ensure we get good debug messages from gss_XX calls. Jeremy. (This used to be commit fe36fc79ddd4f2f2c88204055fca60a193586234) --- source3/libsmb/clifsinfo.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source3/libsmb/clifsinfo.c') 
diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c index e46456abb1..a7bdeecca9 100644 --- a/source3/libsmb/clifsinfo.c +++ b/source3/libsmb/clifsinfo.c @@ -533,6 +533,9 @@ static NTSTATUS make_cli_gss_blob(struct smb_trans_enc_state *es, status = map_nt_error_from_gss(ret, min); if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status,NT_STATUS_MORE_PROCESSING_REQUIRED)) { + ADS_STATUS adss = ADS_ERROR_GSS(ret, min); + DEBUG(10,("make_cli_gss_blob: gss_init_sec_context failed with %s\n", + ads_errstr(adss))); goto fail; } -- cgit From f2da00aadcf3a47d9f6a0662c97c36be32172c1a Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 19 Apr 2007 08:45:29 +0000 Subject: r22362: fix the build on othersystems metze (This used to be commit 68a681038ca60c83784321979c595def9e74ed41) --- source3/libsmb/clifsinfo.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'source3/libsmb/clifsinfo.c') diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c index a7bdeecca9..0bc4f7f2f2 100644 --- a/source3/libsmb/clifsinfo.c +++ b/source3/libsmb/clifsinfo.c @@ -483,6 +483,9 @@ static NTSTATUS make_cli_gss_blob(struct smb_trans_enc_state *es, OM_uint32 ret_flags = 0; NTSTATUS status = NT_STATUS_OK; + gss_OID_desc nt_hostbased_service = + {10, CONST_DISCARD(char *,"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x04")}; + memset(&tok_out, '\0', sizeof(tok_out)); /* Get a ticket for the service@host */ @@ -496,7 +499,7 @@ static NTSTATUS make_cli_gss_blob(struct smb_trans_enc_state *es, ret = gss_import_name(&min, &input_name, - GSS_C_NT_HOSTBASED_SERVICE, + &nt_hostbased_service, &srv_name); if (ret != GSS_S_COMPLETE) { -- cgit From b4a7b7a8889737e2891fc1176feabd4ce47f2737 Mon Sep 17 00:00:00 2001 
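Review bot: The hard-coded `nt_hostbased_service` OID added to `make_cli_gss_blob` in the second hunk has no comment saying what the ten bytes are. They are the DER encoding of 1.2.840.113554.1.2.1.4, the value RFC 2744 gives for `GSS_C_NT_HOSTBASED_SERVICE`, which is the symbol this hunk replaces. I would add `/* GSS_C_NT_HOSTBASED_SERVICE (1.2.840.113554.1.2.1.4, RFC 2744), spelled out locally for portability */` above the declaration; portability as the reason is inferred from the commit subject only. Because `CONST_DISCARD` strips const from a string literal, the comment should also say that the descriptor must only be passed to calls that read it.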
From: Volker Lendecke Date: Mon, 14 May 2007 12:16:20 +0000 Subject: r22844: Introduce const DATA_BLOB data_blob_null = { NULL, 0, NULL }; and replace all data_blob(NULL, 0) calls. (This used to be commit 3d3d61687ef00181f4f04e001d42181d93ac931e) --- source3/libsmb/clifsinfo.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'source3/libsmb/clifsinfo.c') diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c index 0bc4f7f2f2..d8ada1a896 100644 --- a/source3/libsmb/clifsinfo.c +++ b/source3/libsmb/clifsinfo.c @@ -395,9 +395,9 @@ NTSTATUS cli_raw_ntlm_smb_encryption_start(struct cli_state *cli, const char *pass, const char *domain) { - DATA_BLOB blob_in = data_blob(NULL, 0); - DATA_BLOB blob_out = data_blob(NULL, 0); - DATA_BLOB param_out = data_blob(NULL, 0); + DATA_BLOB blob_in = data_blob_null; + DATA_BLOB blob_out = data_blob_null; + DATA_BLOB param_out = data_blob_null; NTSTATUS status = NT_STATUS_UNSUCCESSFUL; struct smb_trans_enc_state *es = make_cli_enc_state(SMB_TRANS_ENC_NTLM); @@ -477,8 +477,8 @@ static NTSTATUS make_cli_gss_blob(struct smb_trans_enc_state *es, gss_buffer_desc input_name; gss_buffer_desc *p_tok_in; gss_buffer_desc tok_out, tok_in; - DATA_BLOB blob_out = data_blob(NULL, 0); - DATA_BLOB blob_in = data_blob(NULL, 0); + DATA_BLOB blob_out = data_blob_null; + DATA_BLOB blob_in = data_blob_null; char *host_princ_s = NULL; OM_uint32 ret_flags = 0; NTSTATUS status = NT_STATUS_OK; @@ -569,9 +569,9 @@ static NTSTATUS make_cli_gss_blob(struct smb_trans_enc_state *es, NTSTATUS cli_gss_smb_encryption_start(struct cli_state *cli) { - DATA_BLOB blob_recv = data_blob(NULL, 0); - DATA_BLOB blob_send = data_blob(NULL, 0); - DATA_BLOB param_out = data_blob(NULL, 0); + DATA_BLOB blob_recv = data_blob_null; + DATA_BLOB blob_send = data_blob_null; + DATA_BLOB param_out = data_blob_null; NTSTATUS status = NT_STATUS_UNSUCCESSFUL; fstring fqdn; const char *servicename; -- cgit 
From 32106b23951e01fb17f814584ebbcc8d7288cb75 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 16 May 2007 00:07:38 +0000 Subject: r22920: Add in the UNIX capability for 24-bit readX, as discussed with the Apple guys and Linux kernel guys. Still looking at how to do writeX as there's no recvfile(). Jeremy. (This used to be commit a53268fb2082de586e2df250d8ddfcff53379102) --- source3/libsmb/clifsinfo.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/libsmb/clifsinfo.c') diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c index d8ada1a896..28facb511d 100644 --- a/source3/libsmb/clifsinfo.c +++ b/source3/libsmb/clifsinfo.c @@ -66,7 +66,7 @@ BOOL cli_unix_extensions_version(struct cli_state *cli, uint16 *pmajor, uint16 * *pmajor = SVAL(rdata,0); *pminor = SVAL(rdata,2); - *pcaplow = IVAL(rdata,4); + cli->posix_capabilities = *pcaplow = IVAL(rdata,4); *pcaphigh = IVAL(rdata,8); /* todo: but not yet needed -- cgit From d824b98f80ba186030cbb70b3a1e5daf80469ecd Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 9 Jul 2007 19:25:36 +0000 Subject: r23779: Change from v2 or later to v3 or later. Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3) --- source3/libsmb/clifsinfo.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/libsmb/clifsinfo.c') diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c index 28facb511d..ab0b2718fb 100644 --- a/source3/libsmb/clifsinfo.c +++ b/source3/libsmb/clifsinfo.c @@ -6,7 +6,7 @@ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or + the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, -- cgit From 5e54558c6dea67b56bbfaba5698f3a434d3dffb6 Mon Sep 17 00:00:00 2001 
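Review bot: `cli->posix_capabilities = *pcaplow = IVAL(rdata,4);` hides a new side effect inside what reads as an output-parameter store: the query helper now also caches server-supplied capability bits in the connection state. I would split it into `*pcaplow = IVAL(rdata,4);` and `cli->posix_capabilities = *pcaplow;`, and say in the function's header comment that the call updates `cli->posix_capabilities` with the low 32 bits only. The value is taken straight from the server's reply, so code that later reads the cached field should treat it as an unauthenticated hint unless the session is signed; whether it is cannot be seen from this hunk. The function starts and ends outside the hunk.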
From: Andrew Tridgell Date: Tue, 10 Jul 2007 00:52:41 +0000 Subject: r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text (This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07) --- source3/libsmb/clifsinfo.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/libsmb/clifsinfo.c') diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c index ab0b2718fb..48865c98ca 100644 --- a/source3/libsmb/clifsinfo.c +++ b/source3/libsmb/clifsinfo.c @@ -15,8 +15,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + along with this program. If not, see . */ #include "includes.h" -- cgit From e5a951325a6cac8567af3a66de6d2df577508ae4 Mon Sep 17 00:00:00 2001 From: "Gerald (Jerry) Carter" Date: Wed, 10 Oct 2007 15:34:30 -0500 Subject: [GLUE] Rsync SAMBA_3_2_0 SVN r25598 in order to create the v3-2-test branch. (This used to be commit 5c6c8e1fe93f340005110a7833946191659d88ab) --- source3/libsmb/clifsinfo.c | 324 --------------------------------------------- 1 file changed, 324 deletions(-) (limited to 'source3/libsmb/clifsinfo.c') diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c index 48865c98ca..d2f759b192 100644 --- a/source3/libsmb/clifsinfo.c +++ b/source3/libsmb/clifsinfo.c @@ -2,7 +2,6 @@ Unix SMB/CIFS implementation. FS info functions Copyright (C) Stefan (metze) Metzmacher 2003 - Copyright (C) Jeremy Allison 2007. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
@@ -302,326 +301,3 @@ cleanup: return ret; } - -/****************************************************************************** - Send/receive the request encryption blob. -******************************************************************************/ - -static NTSTATUS enc_blob_send_receive(struct cli_state *cli, DATA_BLOB *in, DATA_BLOB *out, DATA_BLOB *param_out) -{ - uint16 setup; - char param[4]; - char *rparam=NULL, *rdata=NULL; - unsigned int rparam_count=0, rdata_count=0; - NTSTATUS status = NT_STATUS_OK; - - setup = TRANSACT2_SETFSINFO; - - SSVAL(param,0,0); - SSVAL(param,2,SMB_REQUEST_TRANSPORT_ENCRYPTION); - - if (!cli_send_trans(cli, SMBtrans2, - NULL, - 0, 0, - &setup, 1, 0, - param, 4, 0, - (char *)in->data, in->length, CLI_BUFFER_SIZE)) { - status = cli_nt_error(cli); - goto out; - } - - if (!cli_receive_trans(cli, SMBtrans2, - &rparam, &rparam_count, - &rdata, &rdata_count)) { - status = cli_nt_error(cli); - goto out; - } - - if (cli_is_error(cli)) { - status = cli_nt_error(cli); - if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { - goto out; - } - } - - *out = data_blob(rdata, rdata_count); - *param_out = data_blob(rparam, rparam_count); - - out: - - SAFE_FREE(rparam); - SAFE_FREE(rdata); - return status; -} - -/****************************************************************************** - Make a client state struct. 
-******************************************************************************/ - -static struct smb_trans_enc_state *make_cli_enc_state(enum smb_trans_enc_type smb_enc_type) -{ - struct smb_trans_enc_state *es = NULL; - es = SMB_MALLOC_P(struct smb_trans_enc_state); - if (!es) { - return NULL; - } - ZERO_STRUCTP(es); - es->smb_enc_type = smb_enc_type; - - if (smb_enc_type == SMB_TRANS_ENC_GSS) { -#if defined(HAVE_GSSAPI) && defined(HAVE_KRB5) - es->s.gss_state = SMB_MALLOC_P(struct smb_tran_enc_state_gss); - if (!es->s.gss_state) { - SAFE_FREE(es); - return NULL; - } - ZERO_STRUCTP(es->s.gss_state); -#else - DEBUG(0,("make_cli_enc_state: no krb5 compiled.\n")); - SAFE_FREE(es); - return NULL; -#endif - } - return es; -} - -/****************************************************************************** - Start a raw ntlmssp encryption. -******************************************************************************/ - -NTSTATUS cli_raw_ntlm_smb_encryption_start(struct cli_state *cli, - const char *user, - const char *pass, - const char *domain) -{ - DATA_BLOB blob_in = data_blob_null; - DATA_BLOB blob_out = data_blob_null; - DATA_BLOB param_out = data_blob_null; - NTSTATUS status = NT_STATUS_UNSUCCESSFUL; - struct smb_trans_enc_state *es = make_cli_enc_state(SMB_TRANS_ENC_NTLM); - - if (!es) { - return NT_STATUS_NO_MEMORY; - } - status = ntlmssp_client_start(&es->s.ntlmssp_state); - if (!NT_STATUS_IS_OK(status)) { - goto fail; - } - - ntlmssp_want_feature(es->s.ntlmssp_state, NTLMSSP_FEATURE_SESSION_KEY); - es->s.ntlmssp_state->neg_flags |= (NTLMSSP_NEGOTIATE_SIGN|NTLMSSP_NEGOTIATE_SEAL); - - if (!NT_STATUS_IS_OK(status = ntlmssp_set_username(es->s.ntlmssp_state, user))) { - goto fail; - } - if (!NT_STATUS_IS_OK(status = ntlmssp_set_domain(es->s.ntlmssp_state, domain))) { - goto fail; - } - if (!NT_STATUS_IS_OK(status = ntlmssp_set_password(es->s.ntlmssp_state, pass))) { - goto fail; - } - - do { - status = ntlmssp_update(es->s.ntlmssp_state, blob_in, &blob_out); - 
data_blob_free(&blob_in); - data_blob_free(¶m_out); - if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED) || NT_STATUS_IS_OK(status)) { - status = enc_blob_send_receive(cli, &blob_out, &blob_in, ¶m_out); - } - if (param_out.length == 2) { - es->enc_ctx_num = SVAL(param_out.data, 0); - } - data_blob_free(&blob_out); - } while (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)); - - data_blob_free(&blob_in); - - if (NT_STATUS_IS_OK(status)) { - /* Replace the old state, if any. */ - if (cli->trans_enc_state) { - common_free_encryption_state(&cli->trans_enc_state); - } - cli->trans_enc_state = es; - cli->trans_enc_state->enc_on = True; - es = NULL; - } - - fail: - - common_free_encryption_state(&es); - return status; -} - -#if defined(HAVE_GSSAPI) && defined(HAVE_KRB5) - -#ifndef SMB_GSS_REQUIRED_FLAGS -#define SMB_GSS_REQUIRED_FLAGS (GSS_C_CONF_FLAG|GSS_C_INTEG_FLAG|GSS_C_MUTUAL_FLAG|GSS_C_REPLAY_FLAG|GSS_C_SEQUENCE_FLAG) -#endif - -/****************************************************************************** - Get client gss blob to send to a server. 
-******************************************************************************/ - -static NTSTATUS make_cli_gss_blob(struct smb_trans_enc_state *es, - const char *service, - const char *host, - NTSTATUS status_in, - DATA_BLOB spnego_blob_in, - DATA_BLOB *p_blob_out) -{ - const char *krb_mechs[] = {OID_KERBEROS5, NULL}; - OM_uint32 ret; - OM_uint32 min; - gss_name_t srv_name; - gss_buffer_desc input_name; - gss_buffer_desc *p_tok_in; - gss_buffer_desc tok_out, tok_in; - DATA_BLOB blob_out = data_blob_null; - DATA_BLOB blob_in = data_blob_null; - char *host_princ_s = NULL; - OM_uint32 ret_flags = 0; - NTSTATUS status = NT_STATUS_OK; - - gss_OID_desc nt_hostbased_service = - {10, CONST_DISCARD(char *,"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x04")}; - - memset(&tok_out, '\0', sizeof(tok_out)); - - /* Get a ticket for the service@host */ - asprintf(&host_princ_s, "%s@%s", service, host); - if (host_princ_s == NULL) { - return NT_STATUS_NO_MEMORY; - } - - input_name.value = host_princ_s; - input_name.length = strlen(host_princ_s) + 1; - - ret = gss_import_name(&min, - &input_name, - &nt_hostbased_service, - &srv_name); - - if (ret != GSS_S_COMPLETE) { - SAFE_FREE(host_princ_s); - return map_nt_error_from_gss(ret, min); - } - - if (spnego_blob_in.length == 0) { - p_tok_in = GSS_C_NO_BUFFER; - } else { - /* Remove the SPNEGO wrapper */ - if (!spnego_parse_auth_response(spnego_blob_in, status_in, OID_KERBEROS5, &blob_in)) { - status = NT_STATUS_UNSUCCESSFUL; - goto fail; - } - tok_in.value = blob_in.data; - tok_in.length = blob_in.length; - p_tok_in = &tok_in; - } - - ret = gss_init_sec_context(&min, - GSS_C_NO_CREDENTIAL, /* Use our default cred. */ - &es->s.gss_state->gss_ctx, - srv_name, - GSS_C_NO_OID, /* default OID. */ - GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG, - GSS_C_INDEFINITE, /* requested ticket lifetime. 
*/ - NULL, /* no channel bindings */ - p_tok_in, - NULL, /* ignore mech type */ - &tok_out, - &ret_flags, - NULL); /* ignore time_rec */ - - status = map_nt_error_from_gss(ret, min); - if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status,NT_STATUS_MORE_PROCESSING_REQUIRED)) { - ADS_STATUS adss = ADS_ERROR_GSS(ret, min); - DEBUG(10,("make_cli_gss_blob: gss_init_sec_context failed with %s\n", - ads_errstr(adss))); - goto fail; - } - - if ((ret_flags & SMB_GSS_REQUIRED_FLAGS) != SMB_GSS_REQUIRED_FLAGS) { - status = NT_STATUS_ACCESS_DENIED; - } - - blob_out = data_blob(tok_out.value, tok_out.length); - - /* Wrap in an SPNEGO wrapper */ - *p_blob_out = gen_negTokenTarg(krb_mechs, blob_out); - - fail: - - data_blob_free(&blob_out); - data_blob_free(&blob_in); - SAFE_FREE(host_princ_s); - gss_release_name(&min, &srv_name); - if (tok_out.value) { - gss_release_buffer(&min, &tok_out); - } - return status; -} - -/****************************************************************************** - Start a SPNEGO gssapi encryption context. 
-******************************************************************************/ - -NTSTATUS cli_gss_smb_encryption_start(struct cli_state *cli) -{ - DATA_BLOB blob_recv = data_blob_null; - DATA_BLOB blob_send = data_blob_null; - DATA_BLOB param_out = data_blob_null; - NTSTATUS status = NT_STATUS_UNSUCCESSFUL; - fstring fqdn; - const char *servicename; - struct smb_trans_enc_state *es = make_cli_enc_state(SMB_TRANS_ENC_GSS); - - if (!es) { - return NT_STATUS_NO_MEMORY; - } - - name_to_fqdn(fqdn, cli->desthost); - strlower_m(fqdn); - - servicename = "cifs"; - status = make_cli_gss_blob(es, servicename, fqdn, NT_STATUS_OK, blob_recv, &blob_send); - if (!NT_STATUS_EQUAL(status,NT_STATUS_MORE_PROCESSING_REQUIRED)) { - servicename = "host"; - status = make_cli_gss_blob(es, servicename, fqdn, NT_STATUS_OK, blob_recv, &blob_send); - if (!NT_STATUS_EQUAL(status,NT_STATUS_MORE_PROCESSING_REQUIRED)) { - goto fail; - } - } - - do { - data_blob_free(&blob_recv); - status = enc_blob_send_receive(cli, &blob_send, &blob_recv, ¶m_out); - if (param_out.length == 2) { - es->enc_ctx_num = SVAL(param_out.data, 0); - } - data_blob_free(&blob_send); - status = make_cli_gss_blob(es, servicename, fqdn, status, blob_recv, &blob_send); - } while (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)); - data_blob_free(&blob_recv); - - if (NT_STATUS_IS_OK(status)) { - /* Replace the old state, if any. */ - if (cli->trans_enc_state) { - common_free_encryption_state(&cli->trans_enc_state); - } - cli->trans_enc_state = es; - cli->trans_enc_state->enc_on = True; - es = NULL; - } - - fail: - - common_free_encryption_state(&es); - return status; -} -#else -NTSTATUS cli_gss_smb_encryption_start(struct cli_state *cli) -{ - return NT_STATUS_NOT_SUPPORTED; -} -#endif -- cgit From 30191d1a5704ad2b158386b511558972d539ce47 Mon Sep 17 00:00:00 2001 
From: Jeremy Allison Date: Thu, 18 Oct 2007 17:40:25 -0700 Subject: RIP BOOL. Convert BOOL -> bool. I found a few interesting bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f) --- source3/libsmb/clifsinfo.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) (limited to 'source3/libsmb/clifsinfo.c') diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c index d2f759b192..a45623b9e4 100644 --- a/source3/libsmb/clifsinfo.c +++ b/source3/libsmb/clifsinfo.c @@ -23,10 +23,10 @@ Get UNIX extensions version info. ****************************************************************************/ -BOOL cli_unix_extensions_version(struct cli_state *cli, uint16 *pmajor, uint16 *pminor, +bool cli_unix_extensions_version(struct cli_state *cli, uint16 *pmajor, uint16 *pminor, uint32 *pcaplow, uint32 *pcaphigh) { - BOOL ret = False; + bool ret = False; uint16 setup; char param[2]; char *rparam=NULL, *rdata=NULL; @@ -82,10 +82,10 @@ cleanup: Set UNIX extensions capabilities. ****************************************************************************/ -BOOL cli_set_unix_extensions_capabilities(struct cli_state *cli, uint16 major, uint16 minor, +bool cli_set_unix_extensions_capabilities(struct cli_state *cli, uint16 major, uint16 minor, uint32 caplow, uint32 caphigh) { - BOOL ret = False; + bool ret = False; uint16 setup; char param[4]; char data[12]; @@ -131,9 +131,9 @@ cleanup: return ret; } -BOOL cli_get_fs_attr_info(struct cli_state *cli, uint32 *fs_attr) +bool cli_get_fs_attr_info(struct cli_state *cli, uint32 *fs_attr) { - BOOL ret = False; + bool ret = False; uint16 setup; char param[2]; char *rparam=NULL, *rdata=NULL; 
@@ -185,9 +185,9 @@ cleanup: return ret; } -BOOL cli_get_fs_volume_info_old(struct cli_state *cli, fstring volume_name, uint32 *pserial_number) +bool cli_get_fs_volume_info_old(struct cli_state *cli, fstring volume_name, uint32 *pserial_number) { - BOOL ret = False; + bool ret = False; uint16 setup; char param[2]; char *rparam=NULL, *rdata=NULL; @@ -241,9 +241,9 @@ cleanup: return ret; } -BOOL cli_get_fs_volume_info(struct cli_state *cli, fstring volume_name, uint32 *pserial_number, time_t *pdate) +bool cli_get_fs_volume_info(struct cli_state *cli, fstring volume_name, uint32 *pserial_number, time_t *pdate) { - BOOL ret = False; + bool ret = False; uint16 setup; char param[2]; char *rparam=NULL, *rdata=NULL; -- cgit From 1b92ea5559bfa00016103508feac9a06ea4b66ae Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 6 Dec 2007 17:16:33 -0800 Subject: Remove pstrings from client/client.c by doing a large rewrite. Mostly compiles.... Jeremy. (This used to be commit c87f3eba9aa52f4ab25d77e2167262bf5c43b1a6) --- source3/libsmb/clifsinfo.c | 62 +++++++++++++++++++++++----------------------- 1 file changed, 31 insertions(+), 31 deletions(-) (limited to 'source3/libsmb/clifsinfo.c') diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c index a45623b9e4..1a75d144b2 100644 --- a/source3/libsmb/clifsinfo.c +++ b/source3/libsmb/clifsinfo.c @@ -22,7 +22,7 @@ /**************************************************************************** Get UNIX extensions version info. ****************************************************************************/ - + bool cli_unix_extensions_version(struct cli_state *cli, uint16 *pmajor, uint16 *pminor, uint32 *pcaplow, uint32 *pcaphigh) { 
@@ -33,18 +33,18 @@ bool cli_unix_extensions_version(struct cli_state *cli, uint16 *pmajor, uint16 * unsigned int rparam_count=0, rdata_count=0; setup = TRANSACT2_QFSINFO; - + SSVAL(param,0,SMB_QUERY_CIFS_UNIX_INFO); - if (!cli_send_trans(cli, SMBtrans2, - NULL, + if (!cli_send_trans(cli, SMBtrans2, + NULL, 0, 0, &setup, 1, 0, param, 2, 0, NULL, 0, 560)) { goto cleanup; } - + if (!cli_receive_trans(cli, SMBtrans2, &rparam, &rparam_count, &rdata, &rdata_count)) { @@ -67,7 +67,7 @@ bool cli_unix_extensions_version(struct cli_state *cli, uint16 *pmajor, uint16 * cli->posix_capabilities = *pcaplow = IVAL(rdata,4); *pcaphigh = IVAL(rdata,8); - /* todo: but not yet needed + /* todo: but not yet needed * return the other stuff */ @@ -75,13 +75,13 @@ cleanup: SAFE_FREE(rparam); SAFE_FREE(rdata); - return ret; + return ret; } /**************************************************************************** Set UNIX extensions capabilities. ****************************************************************************/ - + bool cli_set_unix_extensions_capabilities(struct cli_state *cli, uint16 major, uint16 minor, uint32 caplow, uint32 caphigh) { @@ -93,7 +93,7 @@ bool cli_set_unix_extensions_capabilities(struct cli_state *cli, uint16 major, u unsigned int rparam_count=0, rdata_count=0; setup = TRANSACT2_SETFSINFO; - + SSVAL(param,0,0); SSVAL(param,2,SMB_SET_CIFS_UNIX_INFO); @@ -102,15 +102,15 @@ bool cli_set_unix_extensions_capabilities(struct cli_state *cli, uint16 major, u SIVAL(data,4,caplow); SIVAL(data,8,caphigh); - if (!cli_send_trans(cli, SMBtrans2, - NULL, + if (!cli_send_trans(cli, SMBtrans2, + NULL, 0, 0, &setup, 1, 0, param, 4, 0, data, 12, 560)) { goto cleanup; } - + if (!cli_receive_trans(cli, SMBtrans2, &rparam, &rparam_count, &rdata, &rdata_count)) { @@ -128,7 +128,7 @@ cleanup: SAFE_FREE(rparam); SAFE_FREE(rdata); - return ret; + return ret; } bool cli_get_fs_attr_info(struct cli_state *cli, uint32 *fs_attr) 
@@ -143,18 +143,18 @@ bool cli_get_fs_attr_info(struct cli_state *cli, uint32 *fs_attr) smb_panic("cli_get_fs_attr_info() called with NULL Pionter!"); setup = TRANSACT2_QFSINFO; - + SSVAL(param,0,SMB_QUERY_FS_ATTRIBUTE_INFO); - if (!cli_send_trans(cli, SMBtrans2, - NULL, + if (!cli_send_trans(cli, SMBtrans2, + NULL, 0, 0, &setup, 1, 0, param, 2, 0, NULL, 0, 560)) { goto cleanup; } - + if (!cli_receive_trans(cli, SMBtrans2, &rparam, &rparam_count, &rdata, &rdata_count)) { @@ -174,7 +174,7 @@ bool cli_get_fs_attr_info(struct cli_state *cli, uint32 *fs_attr) *fs_attr = IVAL(rdata,0); - /* todo: but not yet needed + /* todo: but not yet needed * return the other stuff */ @@ -182,7 +182,7 @@ cleanup: SAFE_FREE(rparam); SAFE_FREE(rdata); - return ret; + return ret; } bool cli_get_fs_volume_info_old(struct cli_state *cli, fstring volume_name, uint32 *pserial_number) @@ -195,18 +195,18 @@ bool cli_get_fs_volume_info_old(struct cli_state *cli, fstring volume_name, uint unsigned char nlen; setup = TRANSACT2_QFSINFO; - + SSVAL(param,0,SMB_INFO_VOLUME); - if (!cli_send_trans(cli, SMBtrans2, - NULL, + if (!cli_send_trans(cli, SMBtrans2, + NULL, 0, 0, &setup, 1, 0, param, 2, 0, NULL, 0, 560)) { goto cleanup; } - + if (!cli_receive_trans(cli, SMBtrans2, &rparam, &rparam_count, &rdata, &rdata_count)) { @@ -230,7 +230,7 @@ bool cli_get_fs_volume_info_old(struct cli_state *cli, fstring volume_name, uint nlen = CVAL(rdata,l2_vol_cch); clistr_pull(cli, volume_name, rdata + l2_vol_szVolLabel, sizeof(fstring), nlen, STR_NOALIGN); - /* todo: but not yet needed + /* todo: but not yet needed * return the other stuff */ @@ -238,7 +238,7 @@ cleanup: SAFE_FREE(rparam); SAFE_FREE(rdata); - return ret; + return ret; } bool cli_get_fs_volume_info(struct cli_state *cli, fstring volume_name, uint32 *pserial_number, time_t *pdate) 
@@ -251,18 +251,18 @@ bool cli_get_fs_volume_info(struct cli_state *cli, fstring volume_name, uint32 * unsigned int nlen; setup = TRANSACT2_QFSINFO; - + SSVAL(param,0,SMB_QUERY_FS_VOLUME_INFO); - if (!cli_send_trans(cli, SMBtrans2, - NULL, + if (!cli_send_trans(cli, SMBtrans2, + NULL, 0, 0, &setup, 1, 0, param, 2, 0, NULL, 0, 560)) { goto cleanup; } - + if (!cli_receive_trans(cli, SMBtrans2, &rparam, &rparam_count, &rdata, &rdata_count)) { @@ -291,7 +291,7 @@ bool cli_get_fs_volume_info(struct cli_state *cli, fstring volume_name, uint32 * nlen = IVAL(rdata,12); clistr_pull(cli, volume_name, rdata + 18, sizeof(fstring), nlen, STR_UNICODE); - /* todo: but not yet needed + /* todo: but not yet needed * return the other stuff */ @@ -299,5 +299,5 @@ cleanup: SAFE_FREE(rparam); SAFE_FREE(rdata); - return ret; + return ret; } -- cgit From afc93255d183eefb68e45b8ec6275f6a62cf9795 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 26 Dec 2007 17:12:36 -0800 Subject: Add SMB encryption. Still fixing client decrypt but negotiation works. Jeremy. (This used to be commit d78045601af787731f0737b8627450018902b104) --- source3/libsmb/clifsinfo.c | 333 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 333 insertions(+) (limited to 'source3/libsmb/clifsinfo.c') diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c index 1a75d144b2..107613c618 100644 --- a/source3/libsmb/clifsinfo.c +++ b/source3/libsmb/clifsinfo.c @@ -2,6 +2,7 @@ Unix SMB/CIFS implementation. FS info functions Copyright (C) Stefan (metze) Metzmacher 2003 + Copyright (C) Jeremy Allison 2007 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
@@ -301,3 +302,335 @@ cleanup: return ret; } + +/****************************************************************************** + Send/receive the request encryption blob. +******************************************************************************/ + +static NTSTATUS enc_blob_send_receive(struct cli_state *cli, DATA_BLOB *in, DATA_BLOB *out, DATA_BLOB *param_out) +{ + uint16 setup; + char param[4]; + char *rparam=NULL, *rdata=NULL; + unsigned int rparam_count=0, rdata_count=0; + NTSTATUS status = NT_STATUS_OK; + + setup = TRANSACT2_SETFSINFO; + + SSVAL(param,0,0); + SSVAL(param,2,SMB_REQUEST_TRANSPORT_ENCRYPTION); + + if (!cli_send_trans(cli, SMBtrans2, + NULL, + 0, 0, + &setup, 1, 0, + param, 4, 0, + (char *)in->data, in->length, CLI_BUFFER_SIZE)) { + status = cli_nt_error(cli); + goto out; + } + + if (!cli_receive_trans(cli, SMBtrans2, + &rparam, &rparam_count, + &rdata, &rdata_count)) { + status = cli_nt_error(cli); + goto out; + } + + if (cli_is_error(cli)) { + status = cli_nt_error(cli); + if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { + goto out; + } + } + + *out = data_blob(rdata, rdata_count); + *param_out = data_blob(rparam, rparam_count); + + out: + + SAFE_FREE(rparam); + SAFE_FREE(rdata); + return status; +} + +/****************************************************************************** + Make a client state struct. 
+******************************************************************************/ + +static struct smb_trans_enc_state *make_cli_enc_state(enum smb_trans_enc_type smb_enc_type) +{ + struct smb_trans_enc_state *es = NULL; + es = SMB_MALLOC_P(struct smb_trans_enc_state); + if (!es) { + return NULL; + } + ZERO_STRUCTP(es); + es->smb_enc_type = smb_enc_type; + + if (smb_enc_type == SMB_TRANS_ENC_GSS) { +#if defined(HAVE_GSSAPI) && defined(HAVE_KRB5) + es->s.gss_state = SMB_MALLOC_P(struct smb_tran_enc_state_gss); + if (!es->s.gss_state) { + SAFE_FREE(es); + return NULL; + } + ZERO_STRUCTP(es->s.gss_state); +#else + DEBUG(0,("make_cli_enc_state: no krb5 compiled.\n")); + SAFE_FREE(es); + return NULL; +#endif + } + return es; +} + +/****************************************************************************** + Start a raw ntlmssp encryption. +******************************************************************************/ + +NTSTATUS cli_raw_ntlm_smb_encryption_start(struct cli_state *cli, + const char *user, + const char *pass, + const char *domain) +{ + DATA_BLOB blob_in = data_blob_null; + DATA_BLOB blob_out = data_blob_null; + DATA_BLOB param_out = data_blob_null; + NTSTATUS status = NT_STATUS_UNSUCCESSFUL; + struct smb_trans_enc_state *es = make_cli_enc_state(SMB_TRANS_ENC_NTLM); + + if (!es) { + return NT_STATUS_NO_MEMORY; + } + status = ntlmssp_client_start(&es->s.ntlmssp_state); + if (!NT_STATUS_IS_OK(status)) { + goto fail; + } + + ntlmssp_want_feature(es->s.ntlmssp_state, NTLMSSP_FEATURE_SESSION_KEY); + es->s.ntlmssp_state->neg_flags |= (NTLMSSP_NEGOTIATE_SIGN|NTLMSSP_NEGOTIATE_SEAL); + + if (!NT_STATUS_IS_OK(status = ntlmssp_set_username(es->s.ntlmssp_state, user))) { + goto fail; + } + if (!NT_STATUS_IS_OK(status = ntlmssp_set_domain(es->s.ntlmssp_state, domain))) { + goto fail; + } + if (!NT_STATUS_IS_OK(status = ntlmssp_set_password(es->s.ntlmssp_state, pass))) { + goto fail; + } + + do { + status = ntlmssp_update(es->s.ntlmssp_state, blob_in, &blob_out); + 
data_blob_free(&blob_in); + data_blob_free(¶m_out); + if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED) || NT_STATUS_IS_OK(status)) { + NTSTATUS trans_status = enc_blob_send_receive(cli, + &blob_out, + &blob_in, + ¶m_out); + if (!NT_STATUS_EQUAL(trans_status, + NT_STATUS_MORE_PROCESSING_REQUIRED) && + !NT_STATUS_IS_OK(trans_status)) { + status = trans_status; + } else { + if (param_out.length == 2) { + es->enc_ctx_num = SVAL(param_out.data, 0); + } + } + } + data_blob_free(&blob_out); + } while (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)); + + data_blob_free(&blob_in); + + if (NT_STATUS_IS_OK(status)) { + /* Replace the old state, if any. */ + if (cli->trans_enc_state) { + common_free_encryption_state(&cli->trans_enc_state); + } + cli->trans_enc_state = es; + cli->trans_enc_state->enc_on = True; + es = NULL; + } + + fail: + + common_free_encryption_state(&es); + return status; +} + +#if defined(HAVE_GSSAPI) && defined(HAVE_KRB5) + +#ifndef SMB_GSS_REQUIRED_FLAGS +#define SMB_GSS_REQUIRED_FLAGS (GSS_C_CONF_FLAG|GSS_C_INTEG_FLAG|GSS_C_MUTUAL_FLAG|GSS_C_REPLAY_FLAG|GSS_C_SEQUENCE_FLAG) +#endif + +/****************************************************************************** + Get client gss blob to send to a server. 
+******************************************************************************/ + +static NTSTATUS make_cli_gss_blob(struct smb_trans_enc_state *es, + const char *service, + const char *host, + NTSTATUS status_in, + DATA_BLOB spnego_blob_in, + DATA_BLOB *p_blob_out) +{ + const char *krb_mechs[] = {OID_KERBEROS5, NULL}; + OM_uint32 ret; + OM_uint32 min; + gss_name_t srv_name; + gss_buffer_desc input_name; + gss_buffer_desc *p_tok_in; + gss_buffer_desc tok_out, tok_in; + DATA_BLOB blob_out = data_blob_null; + DATA_BLOB blob_in = data_blob_null; + char *host_princ_s = NULL; + OM_uint32 ret_flags = 0; + NTSTATUS status = NT_STATUS_OK; + + gss_OID_desc nt_hostbased_service = + {10, CONST_DISCARD(char *,"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x04")}; + + memset(&tok_out, '\0', sizeof(tok_out)); + + /* Get a ticket for the service@host */ + asprintf(&host_princ_s, "%s@%s", service, host); + if (host_princ_s == NULL) { + return NT_STATUS_NO_MEMORY; + } + + input_name.value = host_princ_s; + input_name.length = strlen(host_princ_s) + 1; + + ret = gss_import_name(&min, + &input_name, + &nt_hostbased_service, + &srv_name); + + if (ret != GSS_S_COMPLETE) { + SAFE_FREE(host_princ_s); + return map_nt_error_from_gss(ret, min); + } + + if (spnego_blob_in.length == 0) { + p_tok_in = GSS_C_NO_BUFFER; + } else { + /* Remove the SPNEGO wrapper */ + if (!spnego_parse_auth_response(spnego_blob_in, status_in, OID_KERBEROS5, &blob_in)) { + status = NT_STATUS_UNSUCCESSFUL; + goto fail; + } + tok_in.value = blob_in.data; + tok_in.length = blob_in.length; + p_tok_in = &tok_in; + } + + ret = gss_init_sec_context(&min, + GSS_C_NO_CREDENTIAL, /* Use our default cred. */ + &es->s.gss_state->gss_ctx, + srv_name, + GSS_C_NO_OID, /* default OID. */ + GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG, + GSS_C_INDEFINITE, /* requested ticket lifetime. 
*/ + NULL, /* no channel bindings */ + p_tok_in, + NULL, /* ignore mech type */ + &tok_out, + &ret_flags, + NULL); /* ignore time_rec */ + + status = map_nt_error_from_gss(ret, min); + if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status,NT_STATUS_MORE_PROCESSING_REQUIRED)) { + ADS_STATUS adss = ADS_ERROR_GSS(ret, min); + DEBUG(10,("make_cli_gss_blob: gss_init_sec_context failed with %s\n", + ads_errstr(adss))); + goto fail; + } + + if ((ret_flags & SMB_GSS_REQUIRED_FLAGS) != SMB_GSS_REQUIRED_FLAGS) { + status = NT_STATUS_ACCESS_DENIED; + } + + blob_out = data_blob(tok_out.value, tok_out.length); + + /* Wrap in an SPNEGO wrapper */ + *p_blob_out = gen_negTokenTarg(krb_mechs, blob_out); + + fail: + + data_blob_free(&blob_out); + data_blob_free(&blob_in); + SAFE_FREE(host_princ_s); + gss_release_name(&min, &srv_name); + if (tok_out.value) { + gss_release_buffer(&min, &tok_out); + } + return status; +} + +/****************************************************************************** + Start a SPNEGO gssapi encryption context. 
+******************************************************************************/ + +NTSTATUS cli_gss_smb_encryption_start(struct cli_state *cli) +{ + DATA_BLOB blob_recv = data_blob_null; + DATA_BLOB blob_send = data_blob_null; + DATA_BLOB param_out = data_blob_null; + NTSTATUS status = NT_STATUS_UNSUCCESSFUL; + fstring fqdn; + const char *servicename; + struct smb_trans_enc_state *es = make_cli_enc_state(SMB_TRANS_ENC_GSS); + + if (!es) { + return NT_STATUS_NO_MEMORY; + } + + name_to_fqdn(fqdn, cli->desthost); + strlower_m(fqdn); + + servicename = "cifs"; + status = make_cli_gss_blob(es, servicename, fqdn, NT_STATUS_OK, blob_recv, &blob_send); + if (!NT_STATUS_EQUAL(status,NT_STATUS_MORE_PROCESSING_REQUIRED)) { + servicename = "host"; + status = make_cli_gss_blob(es, servicename, fqdn, NT_STATUS_OK, blob_recv, &blob_send); + if (!NT_STATUS_EQUAL(status,NT_STATUS_MORE_PROCESSING_REQUIRED)) { + goto fail; + } + } + + do { + data_blob_free(&blob_recv); + status = enc_blob_send_receive(cli, &blob_send, &blob_recv, ¶m_out); + if (param_out.length == 2) { + es->enc_ctx_num = SVAL(param_out.data, 0); + } + data_blob_free(&blob_send); + status = make_cli_gss_blob(es, servicename, fqdn, status, blob_recv, &blob_send); + } while (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)); + data_blob_free(&blob_recv); + + if (NT_STATUS_IS_OK(status)) { + /* Replace the old state, if any. */ + if (cli->trans_enc_state) { + common_free_encryption_state(&cli->trans_enc_state); + } + cli->trans_enc_state = es; + cli->trans_enc_state->enc_on = True; + es = NULL; + } + + fail: + + common_free_encryption_state(&es); + return status; +} +#else +NTSTATUS cli_gss_smb_encryption_start(struct cli_state *cli) +{ + return NT_STATUS_NOT_SUPPORTED; +} +#endif -- cgit From 9baa97a46ebb92a5968ceba0fb5c2de51e6fa8f0 Mon Sep 17 00:00:00 2001 
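Review bot: In cli_gss_smb_encryption_start the result of `enc_blob_send_receive()` is never checked: `status` is handed to `make_cli_gss_blob()` as `status_in` and then overwritten, so a failed exchange still drives another `gss_init_sec_context()` round with whatever `blob_recv` holds. cli_raw_ntlm_smb_encryption_start in the same hunk does stop on a failed `trans_status`, and the GSS loop should agree with it, e.g. directly after the call `if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { data_blob_free(&blob_send); break; }`. `param_out` is reassigned on every pass of the GSS loop without `data_blob_free(&param_out);`, and neither start function appears to free it after its loop. Separately, make_cli_gss_blob demands `GSS_C_CONF_FLAG|GSS_C_INTEG_FLAG` through `SMB_GSS_REQUIRED_FLAGS` but does not request them in the flags passed to `gss_init_sec_context()`, so success depends on the mechanism granting them unasked.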
From: Jeremy Allison Date: Sat, 5 Jan 2008 00:23:35 -0800 Subject: Add general '-e' option to enable smb encryption on tools. Jeremy. (This used to be commit 757653966fc1384159bd2d57c5670cd8af0cae96) --- source3/libsmb/clifsinfo.c | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) (limited to 'source3/libsmb/clifsinfo.c')
diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c
index 107613c618..fb923378ab 100644
--- a/source3/libsmb/clifsinfo.c
+++ b/source3/libsmb/clifsinfo.c
@@ -634,3 +634,36 @@ NTSTATUS cli_gss_smb_encryption_start(struct cli_state *cli)
 return NT_STATUS_NOT_SUPPORTED;
 }
 #endif
+
+/********************************************************************
+ Ensure a connection is encrypted.
+********************************************************************/
+
+NTSTATUS cli_force_encryption(struct cli_state *c,
+ const char *username,
+ const char *password,
+ const char *domain)
+{
+ uint16 major, minor;
+ uint32 caplow, caphigh;
+
+ if (!SERVER_HAS_UNIX_CIFS(c)) {
+ return NT_STATUS_NOT_SUPPORTED;
+ }
+
+ if (!cli_unix_extensions_version(c, &major, &minor, &caplow, &caphigh)) {
+ return NT_STATUS_UNKNOWN_REVISION;
+ }
+
+ if (!(caplow & CIFS_UNIX_TRANSPORT_ENCRYPTION_CAP)) {
+ return NT_STATUS_UNSUPPORTED_COMPRESSION;
+ }
+
+ if (c->use_kerberos) {
+ return cli_gss_smb_encryption_start(c);
+ }
+ return cli_raw_ntlm_smb_encryption_start(c,
+ username,
+ password,
+ domain);
+}
-- cgit From 317639287886181edf08ccecad1b324e4cc55d0b Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 25 Feb 2008 15:24:49 +0100 Subject: Fix some warnings warning: ignoring return value of 'asprintf', declared with attribute warn_unused_result (This used to be commit ad37b7b0aee265a3e4d8b7552610f4b9a105434d) --- source3/libsmb/clifsinfo.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/libsmb/clifsinfo.c')
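Review bot: The capability check in cli_force_encryption returns `NT_STATUS_UNSUPPORTED_COMPRESSION` when the server does not advertise `CIFS_UNIX_TRANSPORT_ENCRYPTION_CAP`, which names a different condition from the one detected and will mislead anyone reading the error from a tool run with '-e'. The function also lacks a contract comment: the capability bits come from the server's reply, so a missing bit is not proof that the peer cannot encrypt, and the only safe reading of any non-OK return is that the session is still in clear text. I would add to the header comment `Any return other than NT_STATUS_OK means the connection is NOT encrypted; callers must drop it rather than continue.` and return `NT_STATUS_NOT_SUPPORTED` here, as the first check does. The callers are outside this hunk, so whether they already fail closed cannot be confirmed from here.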
diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c index fb923378ab..f4945f812a 100644 --- a/source3/libsmb/clifsinfo.c +++ b/source3/libsmb/clifsinfo.c @@ -497,8 +497,7 @@ static NTSTATUS make_cli_gss_blob(struct smb_trans_enc_state *es, memset(&tok_out, '\0', sizeof(tok_out)); /* Get a ticket for the service@host */ - asprintf(&host_princ_s, "%s@%s", service, host); - if (host_princ_s == NULL) { + if (asprintf(&host_princ_s, "%s@%s", service, host) == -1) { return NT_STATUS_NO_MEMORY; } -- cgit From 6e2e0e2ce7ebef473cf8f8787363500eb090d692 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 28 Feb 2008 06:01:09 -0800 Subject: Fix the build - don't use SMB_TRANS_ENC_GSS without KRB5. Jeremy. (This used to be commit d16c295642c3df49be02440427ded0cd9b4179f5) --- source3/libsmb/clifsinfo.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) (limited to 'source3/libsmb/clifsinfo.c') diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c index f4945f812a..0005c3908a 100644 --- a/source3/libsmb/clifsinfo.c +++ b/source3/libsmb/clifsinfo.c @@ -368,20 +368,16 @@ static struct smb_trans_enc_state *make_cli_enc_state(enum smb_trans_enc_type sm ZERO_STRUCTP(es); es->smb_enc_type = smb_enc_type; - if (smb_enc_type == SMB_TRANS_ENC_GSS) { #if defined(HAVE_GSSAPI) && defined(HAVE_KRB5) + if (smb_enc_type == SMB_TRANS_ENC_GSS) { es->s.gss_state = SMB_MALLOC_P(struct smb_tran_enc_state_gss); if (!es->s.gss_state) { SAFE_FREE(es); return NULL; } ZERO_STRUCTP(es->s.gss_state); -#else - DEBUG(0,("make_cli_enc_state: no krb5 compiled.\n")); - SAFE_FREE(es); - return NULL; -#endif } +#endif return es; } -- cgit From e8c7ff3e880c7c7e696c5ba7baa8536b4ea7cb89 Mon Sep 17 00:00:00 2001 
From: Jeremy Allison Date: Fri, 8 Aug 2008 14:32:15 -0700 Subject: Add Derrick Schommer's kerberos delegation patch. Some work by me and advice by Love. Jeremy. (This used to be commit ecc3838e4cb5d0c0769ec6d9a34a877ca584ffcc) --- source3/libsmb/clifsinfo.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/libsmb/clifsinfo.c')
diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c
index 0005c3908a..5e73b61cd2 100644
--- a/source3/libsmb/clifsinfo.c
+++ b/source3/libsmb/clifsinfo.c
@@ -528,7 +528,7 @@ static NTSTATUS make_cli_gss_blob(struct smb_trans_enc_state *es,
 &es->s.gss_state->gss_ctx,
 srv_name,
 GSS_C_NO_OID, /* default OID. */
- GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG,
+ GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG | GSS_C_DELEG_FLAG,
 GSS_C_INDEFINITE, /* requested ticket lifetime. */
 NULL, /* no channel bindings */
 p_tok_in,
-- cgit
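Review bot: `GSS_C_DELEG_FLAG` is added to the request flags unconditionally, so every encrypted connection set up through this call asks for the user's credentials to be forwarded to the server, whether or not the caller wanted delegation. Transport encryption needs mutual authentication plus replay and sequence protection, not delegation, and a server holding a forwarded credential can act as the user towards other services, so least privilege argues for making this opt-in. I would keep the original three flags as the default and add the fourth only under an explicit setting, e.g. `if (<delegation requested by caller>) req_flags |= GSS_C_DELEG_FLAG;` (the local and the setting are placeholders; no such option is visible in this hunk). The gss_init_sec_context call and the enclosing make_cli_gss_blob both start and end outside the hunk.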